[Bug 23652] New: Need for a non-normative section describing implementation security concerns and mitigation strategies from bugzilla@jessica.w3.org on 2013-10-28 (public-browser-tools-testing@w3.org from October to December 2013)

From: <bugzilla@jessica.w3.org>
Date: Mon, 28 Oct 2013 10:40:13 +0000
To: public-browser-tools-testing@w3.org
Message-ID: <bug-23652-5015@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=23652

            Bug ID: 23652
           Summary: Need for a non-normative section describing
                    implementation security concerns and mitigation
                    strategies
           Product: Browser Test/Tools WG
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: WebDriver
          Assignee: public-browser-tools-testing@w3.org
          Reporter: tobie.langel@gmail.com
        QA Contact: public-browser-tools-testing@w3.org
                CC: mike@w3.org

Concerns around implementation security issues are preventing adoption of
WebDriver notably in the TV industry, which is worried WebDriver could be used
to subvert a user's TV set.

It would be extremely useful to either have a (non-normative) section on
security within the spec, describing the potential security risks (including
social engineering) and mitigation strategies, or have such a document hosted
elsewhere to which I could point to when security is brought up as a concern.

Case studies on how the security concerns have been resolved in shipping
implementations would also be tremendously useful.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Monday, 28 October 2013 10:40:15 UTC